Hi,
I think the use of anonymous authentication in managesieve sounds like a
hack. It's not authentication, it's reusing RFC 2245 for another
purpose.
I suggest dropping it and adding this instead:
Servers MAY allow the PUTSCRIPT command to unauthenticated clients. In
this case, the server MUST carry out a syntax check of the uploaded
script, report any errors and MUST NOT store the script. A server
signals this functionality by offering the capability PUTSCRIPT.
(Is it conceivable that the correctness of a script might depend on the
uploading user? Could extensions be available to a subset of the
users?)
This permits anonymous to be used in a way more similar to other
authentication mechanisms. For example, some sites might permit
anonymous users (inside the firewall) read access to a pool of globally
readable scripts. A bit far-fetched given that the include script seems
dead.
Arnt